Yubico Forum
https://forum.yubico.com/

troubles verifying response
https://forum.yubico.com/viewtopic.php?f=3&t=193

Author:  Philippe [ Sun Oct 05, 2008 10:54 am ]
Post subject:  troubles verifying response

I have some troubles verifying the response from the Yubico server.

The response I get is something like this (REPLAYED_OTP is ok, I'm fooling around):
Code:
h=yPsLotcX+VOIP/OSlViLqsMLl4c=
t=2008-10-05T09:17:26Z0459
status=REPLAYED_OTP

What I do is the following:
  1. base 64 decode the hash which gives me (200 251 11 162 215 23 249 83 136 63 243 146 149 88 139 170 195 11 151 135)
  2. compute the verification line which is in this case "s=REPLAYED_OTP&t=2008-10-05T09:17:26Z0459". It's all ASCII so it's the same in UTF-8.
  3. compute the HMAC-SHA1 hash over the verification line using my shared secret and compare it with the hash from the first step. They don't match.
I also sign my requests and the server does verify them. If I attach a wrong signature the server complains with BAD_SIGNATURE. So I think my HMAC-SHA1 library is ok. My first guess would be that my verification line is bad.
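
The three steps described in the post above, as an added Python example (not part of the original thread and not Yubico's own client code). It assumes the signed line is the response's own key=value pairs with h left out, sorted by key and joined with "&", and that the shared secret is stored base64-encoded; the secret and the h value in the sample are constructed here.

```python
import base64
import hashlib
import hmac

def parse_response(body):
    """Split a 'key=value' per line response body into a dict."""
    fields = {}
    for line in body.splitlines():
        line = line.strip()
        if line:
            # Split on the first '=' only: base64 values end in '=' padding.
            key, _, value = line.partition("=")
            fields[key] = value
    return fields

def verification_line(fields):
    """Assumed canonical form: every field except h, sorted by key, joined with '&'."""
    return "&".join(f"{k}={fields[k]}" for k in sorted(fields) if k != "h")

def sign(line, secret_b64):
    """HMAC-SHA1 over the UTF-8 line, keyed with the base64-decoded shared secret."""
    key = base64.b64decode(secret_b64)
    return hmac.new(key, line.encode("utf-8"), hashlib.sha1).digest()

def verify_response(body, secret_b64):
    """Return True only if h matches the HMAC of the remaining fields."""
    fields = parse_response(body)
    try:
        received = base64.b64decode(fields.get("h", ""), validate=True)
    except ValueError:
        return False  # h is not valid base64
    expected = sign(verification_line(fields), secret_b64)
    # Compare the raw 20-byte digests in constant time, not the base64 text.
    return hmac.compare_digest(received, expected)

# Constructed sample: the secret is made up, so h is computed here rather than
# taken from the post (the real shared secret is not on the page).
SAMPLE_SECRET = base64.b64encode(b"constructed-demo-key").decode()
_unsigned = {"t": "2008-10-05T09:17:26Z0459", "status": "REPLAYED_OTP"}
_h = base64.b64encode(sign(verification_line(_unsigned), SAMPLE_SECRET)).decode()
SAMPLE_BODY = f"h={_h}\nt={_unsigned['t']}\nstatus={_unsigned['status']}\n"

if __name__ == "__main__":
    print(verification_line(parse_response(SAMPLE_BODY)))
    print(verify_response(SAMPLE_BODY, SAMPLE_SECRET))
```

Printing the verification line next to the result makes it easy to see exactly which bytes were signed when a comparison fails.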

Author:  paul [ Mon Oct 06, 2008 8:38 pm ]
Post subject:  Re: troubles verifying response

The hmac calc has not been working well for a while in the validation response.

So I'm migrating it to the new server at:

http://63.146.69.105/wsapi/verify.php?id=1&otp=...

Let me know if you have problems with the new server.

Thanks

Author:  Philippe [ Tue Oct 07, 2008 7:26 pm ]
Post subject:  Re: troubles verifying response

Yes, now requests that previously returned OK now return BAD_SIGNATURE. I tried to use it without the h parameter but then I get MISSING_PARAMETER info=h.

Author:  paul [ Wed Oct 08, 2008 7:35 am ]
Post subject:  Re: troubles verifying response

Philippe wrote:
Yes, now requests that previously returned OK now return BAD_SIGNATURE. I tried to use it without the h parameter but then I get MISSING_PARAMETER info=h.


Philippe, you can turn signature & id checking on/off at our new validation server in beta:

http://63.146.69.105/yms/

And, you can use this to test the generated signature:

http://63.146.69.105/wsapi/sign_demo.php

To validate an OTP:

Debug mode: http://63.146.69.105/wsapi/verify_debug ... ....&h=....

Production mode: http://63.146.69.105/wsapi/verify?id=...&otp=....&h=....

This beta server's database is used only for testing purposes, and is NOT the same as the production database behind the server at http://api.yubico.com.

Thanks for comments

Author:  Simon [ Mon Oct 20, 2008 12:27 pm ]
Post subject:  Re: troubles verifying response

We have some clients that perform signing/validation of signatures; check the yubico.com web pages. Maybe you can debug some of them to find out what is going on with your implementation? I think they are supposed to work with our current server.

/Simon

All times are UTC + 1 hour